upgrade to 23.11

flake.lock

@@ -110,16 +110,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1700392168,
+        "lastModified": 1700814205,
-        "narHash": "sha256-v5LprEFx3u4+1vmds9K0/i7sHjT0IYGs7u9v54iz/OA=",
+        "narHash": "sha256-lWqDPKHRbQfi+zNIivf031BUeyciVOtwCwTjyrhDB5g=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "28535c3a34d79071f2ccb68671971ce0c0984d7e",
+        "rev": "aeb2232d7a32530d3448318790534d196bf9427a",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-23.05",
+        "ref": "release-23.11",
         "repo": "home-manager",
         "type": "github"
       }
@@ -162,32 +162,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1700989516,
+        "lastModified": 1701058557,
-        "narHash": "sha256-oKbmPa2wpTHh9XB3+zIx97uMZGNnp97GPliKKG2/plo=",
+        "narHash": "sha256-fux7HlrnoNs93MN0kET4AfiYwg/expoasndRCFeDRyk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d2e4de209881b38392933fabf303cde3454b0b4c",
+        "rev": "070b5cf9f70bc7ef2dfd739a1f7d6c563fe64bd1",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-23.05",
+        "ref": "nixos-23.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-unstable": {
-      "locked": {
-        "lastModified": 1700794826,
-        "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -250,7 +234,6 @@
         "nix-index-database": "nix-index-database",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
-        "nixpkgs-unstable": "nixpkgs-unstable",
         "nur": "nur",
         "pre-commit-hooks": "pre-commit-hooks",
         "zigpkgs": "zigpkgs"

flake.nix

@@ -2,9 +2,7 @@
   description = "motiejus/config";
 
   inputs = {
-    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
-
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
     flake-utils.url = "github:numtide/flake-utils";
     flake-compat.url = "github:nix-community/flake-compat";
     nixos-hardware.url = "github:NixOS/nixos-hardware/master";
@@ -19,7 +17,7 @@
       };
     };
 
-    home-manager.url = "github:nix-community/home-manager/release-23.05";
+    home-manager.url = "github:nix-community/home-manager/release-23.11";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
 
     agenix = {
@@ -66,7 +64,6 @@
   outputs = {
     self,
     nixpkgs,
-    nixpkgs-unstable,
     agenix,
     deploy-rs,
     flake-utils,
@@ -95,12 +92,11 @@
       };
     deployPkgsIA64 = mkDeployPkgs "x86_64-linux";
     deployPkgsArm64 = mkDeployPkgs "aarch64-linux";
-    mkOverlays = system: [
+    # accepting "system" argument in case we need to construct
+    # nixpkgs-unstable. See git log around the switch from 23.05 to 23.11.
+    mkOverlays = _: [
       nur.overlay
       zigpkgs.overlays.default
-      (_final: _prev: {
-        pkgs-unstable = import nixpkgs-unstable {inherit system;};
-      })
     ];
   in
     {
@@ -287,7 +283,7 @@
                 hooks = {
                   alejandra.enable = true;
                   deadnix.enable = true;
-                  statix.enable = true;
+                  #statix.enable = true;
                 };
               };
             }
@@ -304,9 +300,6 @@
               inherit system;
             };
           })
-          (_final: _prev: {
-            pkgs-unstable = import nixpkgs-unstable {inherit system;};
-          })
         ];
       };
     in {

modules/profiles/desktop/default.nix

@@ -5,8 +5,6 @@
 }: {
   config = {
     hardware.bluetooth.enable = true;
-    services.blueman.enable = true;
-    services.udev.packages = [pkgs.yubikey-personalization];
 
     programs = {
       firefox.enable = true;
@@ -16,6 +14,8 @@
     mj.base.users.passwd.motiejus.extraGroups = ["adbusers" "networkmanager" "wireshark"];
 
     services = {
+      blueman.enable = true;
+      udev.packages = [pkgs.yubikey-personalization];
       acpid.enable = true;
       pcscd.enable = true;
       printing = {
@@ -24,13 +24,8 @@
       };
       openssh.settings.X11Forwarding = true;
 
-      # TODO post-23.11
+      logind.powerKey = "suspend";
-      #logind.powerKey = "suspend";
+      logind.powerKeyLongPress = "poweroff";
-      #logind.powerKeyLongPress = "poweroff";
-      logind.extraConfig = ''
-        HandlePowerKey=suspend
-        HandlePowerKeyLongPress=poweroff
-      '';
 
       xserver = {
         enable = true;

modules/services/headscale/default.nix

@@ -31,9 +31,7 @@
           oidc = {
             issuer = "https://git.jakstys.lt/";
             client_id = "e25c15ea-41ca-4bf0-9ebf-2be9f2d1ccea";
-            # TODO 23.11 from https://github.com/NixOS/nixpkgs/pull/249101/files
+            client_secret_path = "\${CREDENTIALS_DIRECTORY}/oidc-client-secret";
-            #client_secret_path = "\${CREDENTIALS_DIRECTORY}/oidc-client-secret";
-            client_secret_path = "/run/credentials/headscale.service/oidc-client-secret";
           };
         };
       };

modules/services/tailscale/default.nix

@@ -2,7 +2,6 @@
   config,
   lib,
   myData,
-  pkgs,
   ...
 }: let
   cfg = config.mj.services.tailscale;
@@ -20,7 +19,6 @@ in {
   config = mkIf cfg.enable (mkMerge [
     {
       services.tailscale.enable = true;
-      services.tailscale.package = pkgs.pkgs-unstable.tailscale;
       networking.firewall.checkReversePath = "loose";
       networking.firewall.allowedUDPPorts = [myData.ports.tailscale];
     }